CodePeer Features

CodePeer identifies constructs that are likely to lead to run-time errors such as buffer overflows, and it flags legal but suspect code typical of logic errors. Going well beyond the capabilities of typical static analysis tools, CodePeer also produces a detailed analysis of each subprogram, including pre and postconditions.

Uses static control-flow, data-flow, and possible-value-set propagation techniques to detect errors before program execution


Mathematically analyzes every line of code without executing the program, considering all combinations of program input across all paths within the program


Analyzes programs for a wide range of flaws including

  • use of uninitialized data
  • pointer misuse
  • buffer overflow
  • numeric overflow
  • division by zero
  • dead code
  • concurrency faults (race conditions)

Identifies not only where a failure could occur, but also where the bad values originate

  • within the current subprogram
  • from some non-local subprogram that reached the point of failure through a series of calls

Detects code that, although syntactically and semantically correct, is performing a suspect computation such as:

  • assigning to a variable that is never subsequently referenced
  • testing a condition that always evaluates to the same true or false value

Automatically generates both human-readable and machine-readable component specifications:

  • preconditions and postconditions
  • inputs and outputs
  • heap allocations

CodePeer also includes a number of complementary static analysis tools common to the GNAT Pro technology – a coding standard verification tool (GNATcheck), a program metric generator (GNATmetric), a semantic analyzer, and a document generator – that can be invoked through the GNAT Programming Studio (GPS) IDE.